In my case there was a distribution group with defined message delivery restrictions. That distribution group could accept messages only from senders defined in the list box. When I tried to modify the list of users, I received the following error message:
"Set-DistributionGroup Failed: Error: Couldn't find object "domain/local/disabled users/user who is no longer in company."
The disabled user was not on the list presented by Exchange 2010 EMC, so I can't remove it from the console.
This problem can be resolved with the Exchange 2007 EMC (you can see the disabled user in the message delivery restrictions dialog list box) if you are in a migration period from Exchange 2007, or by using the Active Directory Users and Computers console from Windows Server 2008 or ADSIEdit. From properties of "problematic" distribution group using attribute editor tab (aduc console), there is authOrig attribute value populated with users that can send email messages to t…

You can use the Certificates MMC console to request a SAN certificate for your web server (server authentication). After you have added the Certificates snap-in for your local computer store, you can create a custom request:

Certificate enrolment wizard will start. On Before You Begin page click Next and on Select Certificate Enrollment Policy select Custom Request (Proceed without enrollment policy) and Next.

My best practice is to create another custom receive connector for anonymous users instead of using the default one, where you can limit by source IP address who will be able to anonymously relay emails. To do so you will have to grant anonymous connections extended right to accept any recipient email address (for example we have created new receive connector "AnoRel") :

If you're running out of space on your (virtual) machine with installed Windows Server 2008 R2 and you have installed SP1, and after some time you decide that everything is working fine with installed service pack, you have an option to remove service pack backup created files. One possible way to do that is using DISM :
DISM.exe /online /Cleanup-Image /spsuperseded
More on SP1 about deployment, removal and uninstall on http://technet.microsoft.com/en-us/library/ff817650(WS.10).aspx .

If you would like to decompress files that have been previously compressed by disk cleanup, because you have probably replaced (imaged) old small disk with bigger one, and you want to achieve better performance run :

If you would like to customize default owa logo after you log on to OWA 2010 :

you will have to change (replace) the default OWA logo in the sprites file. You can find the sprite and css files in the following location :\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\<version>\themes\base\ (csssprites.png and csssprites.css). If you open the sprites file you will see the default logo:

If you open the css file, you will see that logo size should be 144x42 :

.sprites-logoowa-png{background-image:url('csssprites.png');background-position:-62px 0px;width: 144px;height: 42px;}

After changing (inserting) new logo in the sprites file, you will be able to see your new logo after logging on to owa 2010 (note: be careful when modifying the sprites file).

Receive connector <receive connector name> rejected an incoming connection from IP address a.b.c.d. The maximum number of connections per source (20) for this connector has been reached by this source IP address.
Receive connectors have a parameter that specifies the maximum number of inbound connections that the receive connector serves at the same time from a single IP address. You can change this value by using the set-receiveconnector cmdlet (for example, to set this parameter to 50 concurrent connections from the same IP address: set-receiveconnector "unique receive connector name" -MaxInboundConnectionPerSource 50 ). More on set-receiveconnector http://technet.microsoft.com/en-us/library/bb125140.aspx .

When moving mailbox from Exchange 2007 to Exchange 2010 organization I have experienced the following error message :

Error:
Active Directory operation failed on dc.domain.local. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
The reason for this is that inheritable permissions are not turned on for the user. As a resolution for this error check the "Allow inheritable Permissions from this object's parent" check box from AD user's advanced security setting dialog:

The resolution for the problem is published as kb KB22812 , or long story short try to avoid load balancers (point bes express server on some of your CAS servers behind defined Load Balancer, using hosts file).

You can experience something like BAS-NCC.exe restarting a couple of times, every ten minutes past the hour, on your BES Express server, and you're receiving the following error in your application event log:

Blackberry has a published kb (KB23927) describing the following problem for Windows Server 2008 and Windows Server 2008 R2, and as a resolution for the problem you should upgrade to BES Express 5.0 SP3. In my case the OS is Windows Server 2003 R2 SP2 and the BES version is 5.0 SP3 MR 1 and I'm experiencing the same problem ?!?!?!

The resolution for the problem in my case was to remove proxy server settings from the account the service was running under. The account did not have permission to use the proxy settings. BES Express server 5.0 will try to connect to Internet to download device.xml and vendor.xml files. More about it on published kb KB13589 .

In my case Exchange organization was migrated from Exchange 2000 to Exchange 2007. Public folder replication between Exchange 2000 and 2007 servers was OK, before removing the last Exchange 2000 server. Also, after removing the last Exchange 2000 server, public folder replication was working fine, between Exchange 2007 mailbox servers. When Exchange 2010 mailbox servers were introduced into organization, email flow was OK, but public folder databases created on Exchange 2010 servers were not replicating with public folder databases mounted on Exchange 2007 mailbox servers. On Exchange 2010 mailbox servers event log I have found the following event :

I experienced a few BSODs last week, after updating some of my device drivers on my workstation Windows 7 SP1 (x86). Since I was updating from Microsoft Update, I was not suspecting that there might be problems with updated drivers. So, I scheduled a checkdisk of my HDD for surface scan, suspecting bad sectors. Fortunately, my HDD was free of bad sectors, so I decided to examine the crash dump file using windbg. For more info on how to obtain windbg, how to read a small memory dump and how to set up symbols, please check Microsoft articles: http://support.microsoft.com/kb/311503 and http://support.microsoft.com/kb/315263 .

In my migration scenario for Exchange 2010 I was using Exchange calculator from Exchange team http://blogs.technet.com/b/exchange/archive/2009/11/09/3408737.aspx , and in order to calculate required number of IOPS per database (or server), one of the required input parameters are total messages per mailbox per day and average message size in KB. So, if you don't want just to guess number of total messages per mailbox per day and average message size, you can use Rob's script for gathering email statistics http://gallery.technet.microsoft.com/scriptcenter/bb94b422-eb9e-4c53-a454-f7da6ddfb5d6?SRC=Home . From all the data gathered you can use "Received Total Messages" and "Sent Unique Total" to get Total Number of messages per user. Also, you can use Received MB Total and Sent Unique MB Total to count daily traffic in MB for each user. Using these two parameters you can count average number of total messages per mailbox per day, and average size in MB (KB) for…

If you're testing your disk subsystem for Exchange 2010 with Jetstress and you're unable to make it a "green" pass because database read latency is higher than 20 msec, then it's time to reduce the number of threads and fine-tune. But if you reduce the number of threads, then you will lose IOPS.
For example: with 2 threads you can't achieve required number of IOPS and with 3 threads you're achieving number of IOPS but database read latencies are higher than 20 msecs, in that case you can use "SluggishSessions" parameter. You can find this parameter in JetstressConfig.xml file. By default this parameter is set to 1, you can start increasing this number by 1, which will make Jetstress to add pause between tasks. With increasing "SluggishSessions" parameter you will lose IOPS.

For example: with thread count 3 and SluggishSessions 2, I was able to achieve required number of IOPS but database read latencies were still higher than 20…

I have experienced something strange on Hyper V cluster based on Windows Server 2008 R2 SP1 Enterprise and VM guest with same OS but Standard edition, with time synchronization enabled but VM was still out of sync.
I have checked that Windows time service was running and queried the source for synchronization and it was free running system clock !
After restarting the windows time service, the VM started to sync with local CMOS clock instead of synchronizing with host (parent partition).
I'm guessing that VM was not reading the setting for the time synchronization from the VM configuration, so I have disabled the setting and re enabled and restarted the windows time service, and finally within few seconds the VM was synchronizing the time with host :

One more thing : if the server is Windows 2008 R2 and the machine is not domain joined the windows time service will stop automatically. On reboot you can see the following event :

If you try to delete computer object in AD, you might receive warning message that Object <computername> contains other objects. To see what that computer object contains select in View menu "Users,Contacts,Groups and Computers as containers" in Active Directory Users and Computers Console and you will be able to see what that computer object contains.

In most cases it will be a printer, if the computer object is client workstation.

Internet explorer 9 includes cross-site scripting (XSS) filter which is enabled by default http://windows.microsoft.com/en-GB/internet-explorer/products/ie-9/features/cross-site-scripting-filter . In my case IE 9 was pushed via WSUS, and there were couple of older web applications still running, that IE9 was preventing from running properly thanks to the enabled XSS filter.
If you trust the application or it is running on the intranet, and for some reason IE 9 is not applying local intranet zone settings, just add the link manually to the local intranet zone (the local intranet zone has the XSS filter disabled by default).

If you try to install an OS to the same client within one hour from the previous deployment, the machine will fail to boot into PXE. To fix this, change the HKLM\Software\Microsoft\SMS\PXE\CacheExpire value to, for example, 120 (2 minutes); 0 is presumed 60 minutes. For more info please check http://support.microsoft.com/kb/2019640 .

So, if you try to access pages via https on port different than 443 via TMG with https inspection enabled and you check logs on TMG you can see the following error "12204 The specified Secure Sockets Layer (SSL) port is not allowed. Forefront TMG is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests".
As a solution to this error I came across the following article http://technet.microsoft.com/en-us/library/cc302450.aspx . There are three scripts for managing tunnel port ranges (view, add, delete). In my case I needed to access 8443 for SSL. So, I added a new tunnel port range with the single port 8443. I started the script like: "cscript addrange.vbs ssl8443 8443". And TMG started proxying SSL requests to the requested destination on 8443.

If you receive a blank page on your Internet Explorer when you try to open streamed pdf document, and you have tried almost anything including resetting the browser, re-installing Adobe Reader (pre-registering active-x plug-in), installing the latest version of Adobe Reader ...and still you're receiving white blank page, try opening the same streamed pdf document via http (if you're hosting the web server, or someone can provide that for you). In my case I could successfully open streamed pdf document when the document was provided via http. So, I started digging deeper and bumped on the following article http://support.microsoft.com/kb/323308 "Internet Explorer file downloads over SSL do not work with the cache control headers". In my scenario the client is running on XP with IE 8 and Adobe reader 8, and the web server IIS 7.5. In Microsoft's KB there is a solution for IE 8, where I have added the following key "BypassSSLNoCacheCheck"=Dword:00000001 an…